Threat Level

High

Overview

Multiple vulnerabilities have been reported in various Oracle products which could be exploited by a remote attacker to cause Denial-of-Service attacks, disclosure of sensitive information and arbitrary code execution.

2. Vulnerability in Oracle Hyperion ( CVE-2015-4823 )
This vulnerability exists in the Hyperion Installation Technology component of Oracle Hyperion which could be exploited by a remote attacker by launching network attacks via HTTP.
Successful exploitation of this vulnerability could lead to unauthorized access to the component accessible data.

3. Multiple vulnerabilities in Oracle Enterprise Manager Grid Control ( CVE-2015-1793 CVE-2015-4859 CVE-2015-4875 CVE-2015-4874 CVE-2015-2633 )
Multiple vulnerabilities exist in various components of Oracle Enterprise Manager Grid Control which could be exploited by a remote attacker by launching network attacks via HTTP.
Successful exploitation of these vulnerabilities could lead to unauthorized access to the component accessible data or could result in partial Denial-of-Service (DOS) conditions.

4. Multiple vulnerabilities in Oracle E-Business Suite ( CVE-2015-4798 )
Multiple vulnerabilities exist in various components of Oracle E-Business Suite which could be exploited by a remote attacker by launching network attacks via HTTP/HTTPS.
Successful exploitation of these vulnerabilities could lead to unauthorized access to the component accessible data or could result in partial Denial-of-Service(DOS) conditions.

5. Multiple vulnerabilities in Oracle Supply Chain Products Suite ( CVE-2015-1791 )
Multiple vulnerabilities exist in various components of Oracle Supply Chain Products Suite which could be exploited by a remote attacker by launching network attacks via HTTP.
Successful exploitation of these vulnerabilities could lead to unauthorized access to the component accessible data or could result in partial Denial-of-Service (DOS) conditions.

6. Multiple vulnerabilities in Oracle PeopleSoft Products ( CVE-2015-4887 )
Multiple vulnerabilities exist in various components of Oracle PeopleSoft Products which could be exploited by a remote attacker by launching network attacks via HTTP.
Successful exploitation of these vulnerabilities could lead to unauthorized access to the component accessible data , unauthorized operating System takeover including arbitrary code execution or could result in partial Denial-of-Service (DOS) conditions.

7. Vulnerability in in Oracle Siebel CRM ( CVE-2015-4841 )
The vulnerability exists in various components of Oracle Siebel CRM which could be exploited by a remote attacker by launching network attacks via HTTPS.
Successful exploitation of this vulnerability could lead to unauthorized access to the component accessible data.

8. Vulnerability in in Oracle Industry Applications ( CVE-2015-4795 )
The vulnerability exists in the oracle utilities work and Asset Management component of Oracle Industry Applications which could be exploited by a remote attacker by launching unauthenticated network attacks via HTTP.
Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Oracle Utilities Work and Asset Management accessible data, access to a subset of Oracle Utilities Work and Asset Management accessible data or could result in partial Denial-of-Service (DOS) conditions.

9. Multiple vulnerabilities in Oracle Communications Applications ( CVE-2015-2608 CVE-2015-7940 CVE-2015-0235 CVE-2015-4793 CVE-2015-4000 )
Multiple vulnerabilities exist in various components of Oracle Communications Applications which could be exploited by a remote attacker by launching unauthenticated network attacks via HTTP or SSL/TLS .
Successful exploitation of these vulnerabilities could lead to unauthorized access to the component accessible data , unauthorized operating System takeover including arbitrary code execution or could result in partial Denial-of-Service (DOS) conditions.

10. Multiple vulnerabilities in Oracle Retail Applications ( CVE-2015-0050 CVE-2015-4827 )
Multiple vulnerabilities exist in various components of Oracle Retail Applications which could be exploited by a remote attacker by launching unauthenticated network attacks via HTTP.
Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Retail Open Commerce Platform accessible data or subset of Oracle Retail Open Commerce Platform accessible data.

Impact

Solution/ Workarounds

Apply appropriate patches as mentioned in Oracle Security Bulletin available at